Merge pull request #55 from mposolda/master
KEYCLOAK-3825 Update about cache docs
commit f9a63dde80
3 changed files with 9 additions and 2 deletions
|
@ -45,4 +45,7 @@ client changes it's keys, {{book.project.name}} will automatically download them
|
|||
If you use client secured by {{book.project.name}} adapter, you can configure the JWKS URL like https://myhost.com/myapp/k_jwks assuming that https://myhost.com/myapp is the
|
||||
root URL of your client application. See {{book.developerguide.link}}[{{book.developerguide.name}}] for additional details.
|
||||
|
||||
WARNING: For the performance purposes, {{book.project.name}} caches the public keys of the OIDC clients. If you think that private key of your client
|
||||
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See <<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>>
|
||||
section for more details.
|
||||
|
||||
|
|
|
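Review bot: The added WARNING treats clearing the keys cache after a suspected private-key compromise as optional ("it's also good to clear the keys cache"), but the same sentence says the client public keys are cached, so a reader cannot tell how long the old key stays trusted after the update. Suggest making it a required step in the compromise case, for example "update your keys and then clear the keys cache", and dropping "obviously". Smaller points in the same lines: "For the performance purposes" should read "For performance purposes", "that private key" needs an article, and the link text "Clearing the cache" does not match the target section title "Clearing Server Caches".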
@ -53,6 +53,9 @@ You must define the OpenID Connection configuration options as well. They basic
|
|||
|Validate Signatures
|
||||
|Another optional switch. This is to specify if {{book.project.name}} will verify the signatures on the external ID Token signed by this Identity provider. If this is on,
|
||||
the {{book.project.name}} will need to know the public key of the external OIDC identity provider. See below for how to setup it.
|
||||
WARNING: For the performance purposes, {{book.project.name}} caches the public key of the external OIDC identity provider. If you think that private key of your Identity provider
|
||||
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See
|
||||
<<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>> section for more details.
|
||||
|
||||
|Use JWKS URL
|
||||
|Applicable just `Validate Signatures` is on. If the switch is on, then identity provider public keys will be downloaded from given JWKS URL.
|
||||
|
|
|
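Review bot: The "WARNING:" line is added directly after "See below for how to setup it." inside the description cell of the `Validate Signatures` table row, with no blank line and, as far as the visible lines show, a plain `|` cell. In a plain AsciiDoc table cell the admonition label is not rendered as an admonition block, so this will most likely appear as ordinary text run into the previous sentence. Either mark the cell as AsciiDoc content (`a|`) or move the warning below the table. The wording is a near copy of the warning added to the OIDC client page, so the same changes apply: state that the cache must be cleared after the identity provider's key is replaced, and fix "For the performance purposes".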
@ -1,9 +1,10 @@
|
|||
|
||||
[[_clear-cache]]
|
||||
=== Clearing Server Caches
|
||||
|
||||
{{book.project.name}} will cache everything it can in memory within the limits of your JVM and/or the limits you've configured
|
||||
it for. If the {{book.project.name}} database is modified by a third party (i.e. a DBA) outside the scope of the server's REST APIs or Admin Console
|
||||
there's a chance parts of the in-memory cache may be stale. You can clear the realm and user caches from the Admin Console by going
|
||||
there's a chance parts of the in-memory cache may be stale. You can clear the realm cache, user cache or cache of external public keys (Public keys of
|
||||
external clients or Identity providers, which {{book.project.name}} usually uses for verify signatures of particular external entity) from the Admin Console by going
|
||||
to the `Realm Settings` left menu item and the `Cache` tab.
|
||||
|
||||
.Keys tab
|
||||
|
|
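Review bot: The replacement sentence is hard to parse: the parenthetical "(Public keys of external clients or Identity providers, which ... usually uses for verify signatures of particular external entity)" is ungrammatical and splits "You can clear ..." from "from the Admin Console". Suggest listing the three caches in one short sentence and moving the explanation into its own sentence, for example "The external public keys cache holds the public keys of external clients and identity providers, which are used to verify their signatures." The section intro also still motivates clearing only by third-party database modification; since the two new warnings link here for the key-compromise case, add a sentence saying that the keys cache should be cleared after an external client or identity provider replaces its keys.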